Do not upgrade your system to Linux 5.6; new security fixes are broken

One of the fundamental practices in computer security is the installation of the latest system updates, although sometimes this practice can lead to more problems than it is supposed to prevent.

Users of Linux systems have been notified of a failure generated by the installation of the new Linux 5.6 kernel on devices using the Intel WiFi driver “IWLWIFI”.

In the installation of the pre-Linux 5.6 releases there was a set of mac80211 security fixes implemented by Intel’s Johannes Berg. Those solutions in turn generated some failures in the IWLWIFI driver that supports Intel’s current wireless chipsets on Linux.

Corrections are not assigned any particular CVE key and no additional technical details are mentioned. However, the maintainers mention: “Discard the data packets if there is no longer a key for them, after there are any, to avoid sending them in clear when hostapd deletes the key before it deletes the station and the packets are still queued, also verify the port authorization again after removal, to prevent the sending of packages if the station is no longer authorized”.

A network researcher notes that the fixes appear to be similar to the recently reported kr00k vulnerability, but for softmac instead of hardmac.

After multiple members of the cybersecurity community pointed to the lack of clarity about the technical details of the upgrade, network subsystem maintainer David Miller noted that there was a wireless regression, but that happened after Linux 5.6 release.

Corrections for mac80211 altered the IWLWIFI driver. The solution is simple but does not yet exist for Linux 5.6. At least, although the solution is known and should be chosen for Linux 5.6.1, wait a couple of days before testing the new kernel if it depends on the modern Intel WiFi driver.